Signatures, Permissions, And The Pdf Language

Signatures, Permissions, and the PDF Language SIGNATURES AND PERMISSIONS At the PDF language level, a signature may be hooked up to one or more permission handlers. Permissions may be specified by TransformMethod (FieldMDP, DocMDP, or UR3) which use a TransformParams array to specify signature characteristics and document permissions or by /Lock in the field dictionary. Permissions can be: * Set by the author via seed values or with field properties that restrict user actions after signing. * Set by the signer when certifying to allow no changes; form fill-in & signing; or form fill-in, signing, & annotations. * Set by the signer using an approval signature under certain conditions. * Document or field-level. * A grantor of rights such as signing with an approval signature to Adobe Reader users via UR3. * A cause of invalid signatures if permissions are violated. TransformMethod

Sig Type

Notes

N/A (none)

Approval

Any number allowed. Can lock document during signing under certain conditions. Adobe Reader users can only sign when usage rights are enabled via UR3.

FieldMDP

Approval

Signer can lock document when signing if the field is last unsigned field and it contains no no seed values which prohibit locking or other locking rules.

FieldMDP

Both

Authors set permissions via the form field’s Digital Signature Properties dialog.

DocMDP

Certification

Set during certification. First signature only. By default, FieldMDP present. MDP seed value set on field will force use of certification signature.

UR3

Approval

Acrobat authors grant rigths (e.g. signing with approval signatures) to Reader users. obj<
/FT (field type e.g. /Sig)

/Action /All

/Lock

/P 1

/SV (optional: seed value)

FieldMDP TransformParams /Actions/(All | Inc. | Exc.)

Doc locked on approval signature

/SigFlags (optional: 1 or 2) /V (if signed, a sig dict. obj ID

obj<< Signature dictionary /Filter/ (signature handler)

obj<
/SubFilter/ (signature format)

/Perms

/ByteRange/ (document range)

/Perms

/Contents/ (digested content) /Type Sig /Reference (1-n sig ref dicts) /Type /SigRef /TransformMethod FieldMDP DocMDP UR3 /TransformParams /Other stuff . . .

TransformMethod sets what TransformParams are used.

obj<
/Fields/(Field names) /P (1) Field level permissions DocMDP TransformParams Allow sign, annots, etc. /P (1 | 2 | 3 ) Certification signature UR3 TransformParams /V /2.2 1

/Document/[FullSave]

2

/Form/[form field rights]

3

/Signature/[Modify]

4

/Annots/[annot rights]

5

/EF/[embedded file rights]

6

/FormEX/[form field rights]

1-6 define usage rights